Set up MFAget help

The following are the two options available to set up your MFA. Please select the device you plan to use for MFA and proceed to the setup instructions. 

Equipment needed for the set up

For the best experience, you will need the following equipment for your MFA set up:

  1. The device you planned to use for MFA (i.e., your mobile device or hardware token), and
  2. laptop/desktop to assist with the enrollment.

Featured Frequently Asked Questions (FAQs)

The following is a list of featured frequently asked questions relating to the setup of MFA. For the full list of FAQs, please visit our Frequently Asked Questions page for more information.

General

I don’t have, or I am unable to use a mobile device for MFA. What can I use instead?

If you don’t have a mobile device or are unable to use one for MFA, using a hardware token would be an alternative. A hardware token is a small device that displays the 6-digit code for logging into MFA.

SFU faculty and staff can request a hardware token by contacting the IT Service Desk at its-help@sfu.ca. You may either choose to receive the hardware token by mail or pickup at the Burnaby campus. Due to current COVID-19 measures, we encourage you to choose the mail option for your health and safety. 

Please include the following information when submitting your hardware token request to the IT Service Desk:

  1. Subject line: "MFA Hardware Token Request - Faculty/Staff"
  2. Message body:
    • A brief explanation on why you'd like to request a hardware token (e.g., don’t have access to a mobile device, preference towards a non-personal device, requesting a replacement, etc.)
    • Your contact information (SFU computing ID, full name, phone number, and department)
    • Your preferred method of receiving the token (mail/pickup). If you need someone else to pick up the token, please include the individual's name.

Can I enroll both a hardware token and mobile device?

No; Currently, our system does not support multiple MFA devices.

What if my mobile device/hardware token is left at home, is lost, or runs out of battery?

In the case where you don't have your phone or hardware token with you, you can use one of your backup codes for access to your SFU account. 

  • Where to locate your backup codes: When you first set up multi-factor authentication on your mobile device, you are given a list of one-time backup codesEnsure that you print/write them down and store them in a safe, accessible place, such as your wallet.
  • If you have already gone through the MFA setup process and missed the opportunity to print/write down the list of backup codes for safekeeping, be sure to sign into the SFU MFA Management App to retrieve or generate new backup codes before you come across a scenario of not having your mobile device/hardware token with you.

If your hardware token is lost, stolen or broken, please contact IT Service Desk at its-help@sfu.ca for a replacement. Please include the following information when submitting your hardware token request to the IT Service Desk:

  1. Subject line: "MFA Hardware Token Request - Faculty/Staff"
  2. Message body:
    • A brief explanation on why you'd like to request a hardware token (e.g., requesting a replacement)
    • Your contact information (SFU computing ID, full name, phone number, and department)
    • Your preferred method of receiving the token (mail/pickup). If you need someone else to pick up the token, please include the individual's name.

Mobile Device

Do I need to have cellular service or data coverage to use the MFA mobile application?

No; Aside from the initial app download, MFA applications do not require any internet connection, cell service, or data coverage to function.

I already have an app that does MFA, can I use that?

Applications that support the TOTP (Time-based One-time Password) protocol will work for multi-factor authentication at SFU. If you already have an MFA application that you are using for other services, you may continue to use that application for MFA at SFU as well.

*TOTP protocol for multi-factor authentication requires a time-based (30 second) code that the user must enter. It changes every 30 seconds to maximize security.

Will my personal information be collected through MFA and/or the MFA app?

No; SFU’s MFA service is built and hosted at SFU and does not collect personal information. In addition, the recommended mobile app, LastPass Authenticator, does not collect personal information.

How it works: When you scan the QR code with your mobile app as part of the initial MFA setup, the app is obtaining a secret key from SFU’s MFA servers from which your MFA login codes will be generated. From that point onward, there is no MFA-related communication made from your mobile app: Your mobile app only relies on your mobile device’s time and the secret key for the MFA login code generation every 30 seconds. This is also why the app does not require cellular service nor an internet connection to function.

Can use a tablet or other mobile device that is not a smartphone for MFA?

Any "smart device", such as iPad or Android tablet, can be used to run an MFA application.

Note. MFA applications do not require any cell service or data coverage to work, but you will need internet access when you first download the application onto your device.

Hardware Token

Is the hardware token free of charge?

At this time, the hardware token is free for all SFU faculty and staff.

Can the hardware token be mailed outside of Canada?

Yes, we can mail the hardware token outside of Canada.

Can I have someone else to pickup the hardware token on my behalf?

Yes, please make sure to specify the individual's name when submitting a hardware token request.

Please include the following information when submitting your hardware token request to the IT Service Desk:

  1. Subject line: "MFA Hardware Token Request - Faculty/Staff"
  2. Message body:
    • A brief explanation on why you'd like to request a hardware token (e.g., don’t have access to a mobile device, preference towards a non-personal device, requesting a replacement, etc.)
    • Your contact information (SFU computing ID, full name, phone number, and department)
    • Your preferred method of receiving the token (mail/pickup). If you need someone else to pick up the token, please include the individual's name.

Can I use my personal hardware token (OTP token device) instead of requesting one?

No, since the hardware tokens are pre-programmed to your SFU account before giving it to you, using your own or personal hardware tokens will not be compatible with our systems.

 

Have questions? Please see our collection of Frequently Asked Questions.

For additional assistance, please contact your department’s IT staff or the IT Service Desk.